Great list, George. On a similar note, it reminded me of a "10 Common Myths versus Facts of Network Security" writing I did. Mine is more from an end-user perspective (as opposed to a sysadm), but it's in the same general ballpark: http://edgeos.com/myths.html :) ~Jay On Sat, 28 Sep 2002, George Toft wrote: > [Borrowed heavily from http://www.itsa.ufl.edu] > > > Top 10 Excuses for Not Improving Security > > 10. It's just a test box. > ...Any host connected to the network is vulnerable to attack. > > 9. The host administrator is on vacation. > ...Compromised hosts will be blocked, and youll lose service. > > 8. I didnt know that service was running on that machine. > ...Request a vulnerability scan from Network Services. > > 7. I just installed that computer 10 minutes ago. > ...The Internet is flooded with thousands of attacks every second. > > 6. That host doesn't have anything important on it, so its not a > target. > ...Hackers aren't picky. Any vulnerable host is an appealing launching > pad. > > 5. A faculty member, not the administrator, maintains that host. > ...All hosts connected to the network should be managed by a qualified > IT worker. > > 4. I don't have enough time. > ...Is there enough time to recover from an incident? > > 3. I don't have enough money. > ...Are there enough funds to recover from an attack? > > 2. I didn't know there was a patch for that bug. > ...Keep informed by monitoring news, lists and vendor Web sites. > > And the number one excuse for not improving computer security? > > 1. I don't know very much about security. > ...That's easy. Ask your Computer Security Department or your local > Linux User Group. > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- == Jay Jacobson == Edgeos, Inc. - Security is Critical - http://www.edgeos.com == We help you to easily get control of your network's security. == ...or some hacker can just take control instead. You decide.